Wordpress Themes - WP Forum at BFA
There will be no more development for Atahualpa (or any other theme), and no support. Also no new registrations. I turned off the donation system. I may turn the forum to read only if it gets abused for spam. Unfortunately I have no time for the forum or the themes. Thanks a lot to the people who helped in all these years, especially Larry and of course: Paul. Take care and stay healthy -- Flynn, Atahualpa developer, Sep 2021


?bfa_ata_file=css Source Code Disclosure


  #1  
Old Jul 3, 2011, 08:51 AM
KatyDigg
 
319 posts · Jul 2009
Hi Folks!

WP 3.1.4

ATA 3.6.7

> All 3.6.7 Bug Fixes employed.

> CSS is set to External.

I've just had scan result from WebsiteDefender:

ALERT Source code disclosure (http://www.xxxxxx/?bfa_ata_file=css)


http://www.xxxxxx/?bfa_ata_file=css
<?php bloginfo('template_directory');?>


Source code patterns were found on this page. The source code of server-side scripts helps an attacker to better understand the logic behind the Web application and may help him conduct further attacks.


EDIT:

1) On 3.6.4. site(s) - having run WebsiteDefender - this issue does not occur.

2) Only, seemingly, occurs on 3.6.7 site (with the 3.6.7 bug fixes employed).



[By the way, I have NOT, ever, used the plugins AddThis, WP Touch or W3 Total Cache - on any site]

Last edited by KatyDigg; Jul 4, 2011 at 02:54 AM. Reason: update - edit in
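A check for the condition the scanner reported above, as an added example that is not part of the original thread or the theme's own code: it scans a response body for server-side tags that reached the client unexecuted and reports where they are. The function name, the sample stylesheet bodies, the image path and the example.com URL are constructed for illustration.

```python
import re

# Server-side tags that should never survive into a rendered response.
# "<?php" and "<?=" are PHP; "<%" covers ASP/JSP-style blocks.
# "<?xml" is deliberately not matched. An unterminated tag runs to end of body,
# because PHP files may legally omit the closing "?>".
PATTERNS = {
    "php": re.compile(r"<\?(?:php\b|=)(.*?)(?:\?>|\Z)", re.I | re.S),
    "asp_jsp": re.compile(r"<%(.*?)(?:%>|\Z)", re.S),
}

def find_unrendered_code(body):
    """Return sorted (line_number, kind, snippet) for each tag left in body."""
    findings = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(body):
            line = body.count("\n", 0, m.start()) + 1
            # Collapse whitespace and cap length so multi-line tags stay readable.
            snippet = " ".join(m.group(0).split())[:80]
            findings.append((line, kind, snippet))
    return sorted(findings)

# Constructed sample: a stylesheet response containing the pattern the scan flagged.
LEAKY_CSS = """body { margin: 0; }
div#header { background: url(<?php bloginfo('template_directory');?>/images/bg.png); }
"""

# Constructed sample: the same rule after the PHP call has been executed server-side.
RENDERED_CSS = """body { margin: 0; }
div#header { background: url(http://www.example.com/wp-content/themes/atahualpa/images/bg.png); }
"""

if __name__ == "__main__":
    for name, body in (("leaky", LEAKY_CSS), ("rendered", RENDERED_CSS)):
        hits = find_unrendered_code(body)
        print(name, "->", hits if hits else "no server-side tags found")
```

Run against the saved body of the `?bfa_ata_file=css` response from your own site, an empty result means the stylesheet was fully rendered before being served.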
  #2  
Old Jul 4, 2011, 06:01 AM
juggledad
 
23,765 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
Was the site in 3.6.4 using CSS external or internal?
Juggledad | Forum Moderator/Support
  #3  
Old Jul 4, 2011, 07:29 AM
KatyDigg
 
319 posts · Jul 2009
Quote:
Originally Posted by juggledad
Was the site in 3.6.4 using CSS external or internal?
Ah, good point, Juggledad, I'll away and find out right now.

EDIT:

Actually, just had a look and the 3.6.4 site is using CSS inline/internal.

Last edited by KatyDigg; Jul 4, 2011 at 07:37 AM. Reason: 3.6.4 site is using CSS inline/internal
  #4  
Old Jul 11, 2011, 03:38 AM
KatyDigg
 
319 posts · Jul 2009
Simply wish to include this reference link, so as to come back to later.


CSS all dumped into the <head> of the files. Why?


